CVE-2016-1773
https://notcve.org/view.php?id=CVE-2016-1773
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors. El subsistema de firmado de código en Apple OS X en versiones anteriores a 10.11.4 no verifica correctamente el propietario del archivo, lo que permite a usuarios locales determinar la existencia de archivos arbitrarios a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-1768 – Apple QuickTime < 7.7.79.80.95 - '.FPX' Parsing Memory Corruption
https://notcve.org/view.php?id=CVE-2016-1768
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767. QuickTime en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos ejecutar código arbitrario o causar un denegación de servicio (corrupción de memoria) a través de una imagen FlashPix manipulada, una vulnerabilidad diferente a CVE-2016-1767. • https://www.exploit-db.com/exploits/39634 http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1745
https://notcve.org/view.php?id=CVE-2016-1745
IOFireWireFamily in Apple OS X before 10.11.4 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. IOFireWireFamily in Apple OS X en versiones anteriores a 10.11.4 permite a usuarios locales causar una denegación de servicio (referencia a puntero NULL) a través de vectores no especificados. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 •
CVE-2016-1759
https://notcve.org/view.php?id=CVE-2016-1759
The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. El kernel en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes ejecutar código arbitrario en un contexto privilegiado o causar una denegación de servicio (corrupción de memoria) a través de una app manipulada. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-1764
https://notcve.org/view.php?id=CVE-2016-1764
The Content Security Policy (CSP) implementation in Messages in Apple OS X before 10.11.4 allows remote attackers to obtain sensitive information via a javascript: URL. La implementación de Content Security Policy (CSP) en Mensajes en Apple OS X en versiones anteriores a 10.11.4 permite a atacantes remotos obtener información sensibles a través de una URL javascript:. • http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html http://www.securitytracker.com/id/1035363 https://support.apple.com/HT206167 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •